From 9e4604fb352d91486587757c397d36d3d9ff33f6 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 12 Oct 2021 07:23:17 +0200 Subject: [PATCH] fdsfds --- files/mail/__init__.py | 6 +++--- files/routes/admin.py | 6 +++--- files/routes/awards.py | 8 ++++---- files/routes/comments.py | 4 ++-- files/routes/giphy.py | 2 +- files/routes/login.py | 6 +++--- files/routes/posts.py | 10 +++++----- files/routes/settings.py | 6 +++--- files/routes/users.py | 6 +++--- 9 files changed, 27 insertions(+), 27 deletions(-) diff --git a/files/mail/__init__.py b/files/mail/__init__.py index 2be13d9d3..81252a240 100644 --- a/files/mail/__init__.py +++ b/files/mail/__init__.py @@ -54,10 +54,10 @@ def api_verify_email(v): @auth_desired def activate(v): - email = request.values.get("email", "") - id = request.values.get("id", "") + email = request.values.get("email", "").strip() + id = request.values.get("id", "").strip() timestamp = int(request.values.get("time", "0")) - token = request.values.get("token", "") + token = request.values.get("token", "").strip() if int(time.time()) - timestamp > 3600: return render_template("message.html", v=v, title="Verification link expired.", diff --git a/files/routes/admin.py b/files/routes/admin.py index 2f564fff5..1d73fd22c 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -240,7 +240,7 @@ def get_rules(v): @validate_formkey def post_rules(v): - text = request.values.get('rules', '') + text = request.values.get('rules', '').strip() with open(f'./{SITE_NAME} rules.html', 'w+') as f: f.write(text) 
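Review bot: In `activate` (files/mail/__init__.py), `int(request.values.get("time", "0"))` is unguarded, so a non-numeric `time` parameter raises ValueError and becomes a 500 on an endpoint reached from an e-mailed link. The expiry test `int(time.time()) - timestamp > 3600` also accepts any timestamp in the future; whether the token binds `time` cannot be seen here because the function continues past the hunk. Parse defensively (`try: timestamp = int(...)` / `except ValueError: abort(400)`) and also reject `timestamp > int(time.time())`.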
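Review bot: In `post_rules` (files/routes/admin.py), the submitted `rules` text is written verbatim into `./{SITE_NAME} rules.html`; the added `.strip()` does not constrain its content. If that file is later served or included as raw HTML (not visible in this hunk), whatever markup the submitting account sends is stored for every reader, so the route's protection rests entirely on who may call it. Only `@validate_formkey` is visible above the function; confirm an admin-level decorator sits above it, and consider passing the text through the `sanitize()` helper that `ban_user` in this file already uses before writing.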
@@ -874,11 +874,11 @@ def ban_user(user_id, v): if 'form' in request.values: days = float(request.values.get("days")) if request.values.get('days') else 0 reason = sanitize(request.values.get("reason", "")) - message = request.values.get("reason", "") + message = request.values.get("reason", "").strip() else: days = float(request.values.get("days")) if request.values.get('days') else 0 reason = sanitize(request.values.get("reason", "")) - message = request.values.get("reason", "") + message = request.values.get("reason", "").strip() if not user: abort(400) diff --git a/files/routes/awards.py b/files/routes/awards.py index dd5a10795..ae3e64cfc 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -191,7 +191,7 @@ def award_post(pid, v): if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden."}, 403 - kind = request.values.get("kind", "") + kind = request.values.get("kind", "").strip() if kind not in AWARDS: return {"error": "That award doesn't exist."}, 404 @@ -232,7 +232,7 @@ def award_post(pid, v): msg = f"@{v.username} has given your [post]({post.permalink}) the {AWARDS[kind]['title']} Award!" - note = request.values.get("note", "") + note = request.values.get("note", "").strip() if note: msg += f"\n\n> {note}" @@ -255,7 +255,7 @@ def award_comment(cid, v): if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden"}, 403 - kind = request.values.get("kind", "") + kind = request.values.get("kind", "").strip() if kind not in AWARDS: return {"error": "That award doesn't exist."}, 404 @@ -296,7 +296,7 @@ def award_comment(cid, v): msg = f"@{v.username} has given your [comment]({c.permalink}) the {AWARDS[kind]['title']} Award!" - note = request.values.get("note", "") + note = request.values.get("note", "").strip() if note: msg += f"\n\n> {note}" diff --git a/files/routes/comments.py b/files/routes/comments.py index e2b771e90..137440641 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py 
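Review bot: In `ban_user`, `float(request.values.get("days"))` accepts `nan`, `inf` and negative values and raises ValueError on anything non-numeric, so the ban duration is not validated before use. Parse it once and check it, e.g. `if not math.isfinite(days) or days < 0: abort(400)`. The two branches of `if 'form' in request.values` are byte-identical after this change and can be collapsed into one. `message` is also the raw `reason` while `reason` itself goes through `sanitize()`; where `message` ends up is outside the hunk, so confirm it is escaped there.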
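Review bot: In `award_post` (hunk @@ -232), `note` is appended to the notification as `msg += f"\n\n> {note}"` with only its outer whitespace stripped, so embedded newlines end the blockquote and the rest of the note is no longer visually attributed to the sender; there is also no length cap. The same lines appear in the `award_comment` hunk (@@ -296). How `msg` is rendered and sanitised lies outside both hunks, so this is something to confirm rather than a proven flaw. Flattening and bounding the note first would close it, e.g. `note = " ".join(note.split())[:NOTE_MAX]` with a limit of your choosing.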
@@ -143,7 +143,7 @@ def api_comment(v): level = parent.level + 1 else: abort(400) - body = request.values.get("body", "")[:10000] + body = request.values.get("body", "").strip()[:10000] body = body.strip() if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400 @@ -578,7 +578,7 @@ def edit_comment(cid, v): if c.is_banned or c.deleted_utc > 0: abort(403) - body = request.values.get("body", "")[:10000] + body = request.values.get("body", "").strip()[:10000] for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') body_md = CustomRenderer().render(mistletoe.Document(body)) diff --git a/files/routes/giphy.py b/files/routes/giphy.py index 81a4248de..a222d92b7 100644 --- a/files/routes/giphy.py +++ b/files/routes/giphy.py @@ -11,7 +11,7 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip() @app.get("/giphy") def giphy(path=None): - searchTerm = request.values.get("searchTerm", "") + searchTerm = request.values.get("searchTerm", "").strip() limit = int(request.values.get("limit", 48)) if searchTerm and limit: url = f"https://api.giphy.com/v1/gifs/search?q={searchTerm}&api_key={GIPHY_KEY}&limit={limit}" diff --git a/files/routes/login.py b/files/routes/login.py index 60e5606e5..8138a05e5 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -12,7 +12,7 @@ valid_password_regex = re.compile("^.{8,100}$") @auth_desired def login_get(v): - redir = request.values.get("redirect", "/").replace("/logged_out", "") + redir = request.values.get("redirect", "/").replace("/logged_out", "").strip() if v: return redirect(redir) @@ -146,7 +146,7 @@ def login_post(): check_for_alts(account.id) - redir = request.values.get("redirect", "/").replace("/logged_out", "") + redir = request.values.get("redirect", "/").replace("/logged_out", "").strip() g.db.commit() 
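Review bot: In `api_comment`, the added `.strip()` before `[:10000]` duplicates the existing `body = body.strip()` on the following line. The two statements can be written as one, `body = request.values.get("body", "").strip()[:10000].strip()`, which is the form this commit uses in `message2` and keeps the post-truncation strip that removes whitespace exposed by the cut.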
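Review bot: In `edit_comment`, the pattern given to `re.finditer` is a non-raw string containing `\/` and `\.`, which current Python versions report as invalid escape sequences; make it a raw string. The `.*` in it also lets the matched text contain spaces, quotes and parentheses, and the whole match is pasted into `![](...)` before markdown rendering, so the image target is not limited to a single URL token. Matching only non-space characters, e.g. `r'^(https://[^\s()]+\.(png|jpg|jpeg|gif|webp))'` with `re.IGNORECASE`, narrows what reaches the renderer. Unlike `api_comment`, no empty-body check is visible in this hunk, though the function continues outside it.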
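Review bot: In `giphy`, `searchTerm` is interpolated directly into the query string, so a value containing `&` or `#` can add or override parameters on a request made with the server's `GIPHY_KEY`. URL-encode it, e.g. `q={quote_plus(searchTerm)}` with `from urllib.parse import quote_plus`, or pass the values as a parameter dict if the HTTP client supports one (the call that sends `url` is outside the hunk). `int(request.values.get("limit", 48))` also raises ValueError on non-numeric input and accepts any magnitude; catch the error and clamp the value to a fixed range.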
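Review bot: In `login_get`, `redir` comes from the `redirect` request parameter and reaches `redirect(redir)` after only `.replace("/logged_out", "")` and `.strip()`, so an absolute or scheme-relative URL sends an authenticated user to another site (open redirect). The same value is built in the `login_post` (@@ -146) and `sign_up_get` (@@ -205) hunks, where its use is outside the hunk. Accept only same-site paths, e.g. `if not redir.startswith("/") or redir.startswith(("//", "/\\")): redir = "/"`. Run that check after the replace, because removing a substring can change what the value starts with.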
@@ -205,7 +205,7 @@ def sign_up_get(v): digestmod='md5' ).hexdigest() - redir = request.values.get("redirect", "/").replace("/logged_out", "") + redir = request.values.get("redirect", "/").replace("/logged_out", "").strip() error = request.values.get("error", None) diff --git a/files/routes/posts.py b/files/routes/posts.py index e1bd1f3e3..c8c2733ee 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -198,8 +198,8 @@ def edit_post(pid, v): if not p.author_id == v.id: abort(403) - title = request.values.get("title") - body = request.values.get("body", "") + title = request.values.get("title", "").strip() + body = request.values.get("body", "").strip() if title != p.title: p.title = title @@ -497,8 +497,8 @@ def thumbnail_thread(pid): def submit_post(v): if request.content_length > 4 * 1024 * 1024: return "Max file size is 4 MB.", 413 - title = request.values.get("title", "") - url = request.values.get("url", "") + title = request.values.get("title", "").strip() + url = request.values.get("url", "").strip() if url: if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp") @@ -572,7 +572,7 @@ def submit_post(v): if request.headers.get("Authorization"): return {"error": "500 character limit for titles"}, 400 else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400 - body = request.values.get("body", "") + body = request.values.get("body", "").strip() dup = g.db.query(Submission).options(lazyload('*')).filter( Submission.author_id == v.id, Submission.deleted_utc == 0, diff --git a/files/routes/settings.py b/files/routes/settings.py index 428287ead..b2ddc106b 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py 
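Review bot: In `sign_up_get`, the HMAC call whose tail is visible at the top of the hunk uses `digestmod='md5'`. HMAC-MD5 has no known practical forgery, but MD5 is deprecated for new designs and `digestmod='sha256'` is the safer default. The call starts above the hunk, so the key and message are not visible, and the digest must be changed together with whatever code verifies this value.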
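Review bot: In `edit_post`, `title` now defaults to `""` and `if title != p.title: p.title = title` stores it with no visible emptiness or length check, so a request with a missing or whitespace-only `title` blanks the post title. `submit_post` in this file applies a 500 character limit; the same bounds belong here, e.g. `if not title or len(title) > 500: abort(400)` before the comparison. The function continues outside the hunk, so a later check may exist.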
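Review bot: In `submit_post` (hunk @@ -497), `request.content_length` is `None` when the request has no Content-Length header, so `request.content_length > 4 * 1024 * 1024` raises TypeError, and the value is only what the client declares. Use `(request.content_length or 0) > 4 * 1024 * 1024` and set Flask's `MAX_CONTENT_LENGTH` so the framework enforces the cap. Separately, `"/i.imgur.com/" in url` is a substring test and matches any URL that merely contains that text; compare `urllib.parse.urlparse(url).netloc` if the rewrite is meant only for Imgur hosts.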
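Review bot: In `submit_post` (hunk @@ -572), the `else:` branch of the title-length check calls `render_template(...)` without `return`, so for browser submissions the error page is built and discarded and execution falls through to `body = ...` with the over-long title. Only the `Authorization` branch actually rejects the request, which means the 500 character limit is not enforced for form posts. The branch should read `else: return render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400`. The enclosing `if` starts above the hunk.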
@@ -482,7 +482,7 @@ def settings_security_post(v): @validate_formkey def settings_log_out_others(v): - submitted_password = request.values.get("password", "") + submitted_password = request.values.get("password", "").strip() if not v.verifyPass(submitted_password): return render_template("settings_security.html", v=v, error="Incorrect Password"), 401 @@ -594,7 +594,7 @@ def settings_css_get(v): @limiter.limit("1/second") @auth_required def settings_css(v): - css = request.values.get("css").strip().replace('\\', '')[:4000] + css = request.values.get("css").strip().replace('\\', '').strip()[:4000] if not v.agendaposter: v.css = css @@ -617,7 +617,7 @@ def settings_profilecss_get(v): @auth_required def settings_profilecss(v): if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css." - profilecss = request.values.get("profilecss").strip().replace('\\', '')[:4000] + profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000] v.profilecss = profilecss g.db.add(v) g.db.commit() diff --git a/files/routes/users.py b/files/routes/users.py index 7c7fb87d3..a18a18a41 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -126,7 +126,7 @@ def transfer_coins(v, username): if receiver is None: return {"error": "That user doesn't exist."}, 404 if receiver.id != v.id: - amount = request.values.get("amount", "") + amount = request.values.get("amount", "").strip() amount = int(amount) if amount.isdigit() else None if amount is None or amount <= 0: return {"error": f"Invalid amount of {app.config['COINS_NAME']}."}, 400 
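Review bot: In `settings_log_out_others`, stripping `submitted_password` before `v.verifyPass(...)` changes the credential being checked. The `valid_password_regex` shown in the files/routes/login.py hunk header (`^.{8,100}$`) permits passwords that start or end with a space, and an account with such a password can no longer pass this check unless every place that sets or verifies passwords strips identically, which is not visible here. Passwords should be compared exactly as entered, so keep `submitted_password = request.values.get("password", "")`.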
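Review bot: In `settings_css`, `request.values.get("css")` has no default, so a request without a `css` field calls `.strip()` on `None` and fails with AttributeError; use `request.values.get("css", "")`. The same applies to `profilecss` in the `settings_profilecss` hunk (@@ -617). Removing backslashes is the only filtering visible on either value. If the stored CSS is emitted inside a style element without escaping (outside these hunks), a closing style tag inside it would end the element, so reject or neutralise that sequence before saving, with most care for profile CSS since other users presumably load it.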
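Review bot: In `transfer_coins`, `amount.isdigit()` is true for characters such as superscript digits that `int()` refuses, so `int(amount)` can still raise ValueError and produce a 500 instead of the intended 400. `amount = int(amount) if amount.isdecimal() else None` accepts only characters `int()` can parse. The balance check and the transfer itself are outside the hunk.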
@@ -232,7 +232,7 @@ def message2(v, username): if v.admin_level <= 1: if hasattr(user, 'is_blocked') and user.is_blocked: return {"error": "This user is blocking you."}, 403 - message = request.values.get("message", "")[:1000].strip() + message = request.values.get("message", "").strip()[:1000].strip() existing = g.db.query(Comment).options(lazyload('*')).filter(Comment.author_id == v.id, Comment.sentto == user.id, @@ -289,7 +289,7 @@ def message2(v, username): @auth_required def messagereply(v): - message = request.values.get("body", "")[:1000].strip() + message = request.values.get("body", "").strip()[:1000].strip() id = int(request.values.get("parent_id")) parent = get_comment(id, v=v) user = parent.author
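Review bot: In `messagereply`, `int(request.values.get("parent_id"))` raises TypeError when the field is missing and ValueError when it is not numeric, so malformed requests produce a 500; validate it and `abort(400)` instead. The hunk then takes `parent.author` as the recipient for whatever comment id was supplied, and no check that `v` is a party to that message is visible here, though `get_comment(id, v=v)` or code after the hunk may enforce one. `id` also shadows the builtin; `parent_id` would read better.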